Stack overflow

A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible t...

Sql injection

A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reggo.php of the component HTTP POST Request Handler. The manipulation of the argument usernamereg leads to sql injection. The exploit has...

Sql injection

A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/updatego.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The...

Sql injection

A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/updatego.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclose...

Sql injection

A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used...

Sql injection

A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/shorttolong.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been...

Sql injection

A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/longsshort.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to...

Cross site request forgery (csrf)

A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is...

Sql injection

A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslidechildaction in the library lib/admin/languageadmin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The...

Server side request forgery (ssrf)

A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function httppost of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched...

Design/Logic Flaw

A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...

Cross site scripting

A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The...

Cross site scripting

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file addreserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input...

Sql injection

A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manageuser.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The atta...

Cross site scripting

A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. T...

Cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack...

Sql injection

A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The...

Sql injection

A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched...

Sql injection

A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file itemlistedit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated...

Sql injection

A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file partysubmit.php of the component HTTP POST Request Handler. The manipulation of the argument partyname leads to sql injection. The attack can be initiat...

Sql injection

A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file materialbill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the...

Sql injection

A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submitdeliverylist.php of the component HTTP POST Request Handler. The manipulation of the argument customerdetails leads to sql...

Sql injection

A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyerdetailsubmit.php of the component HTTP POST Request Handler. The manipulation of the argument gstnno leads to sql injection. The attack c...

Security feature bypass

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to...

Sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/editchicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely...

Information disclosure

A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

Sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument typefeed leads to sql injection. It is possible to initiate the attack remotel...

Sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched...

Sql injection

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/addcon.php. The manipulation of the argument chicken leads to sql injection. The attack can be...

Sql injection

A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/addcon.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely...

Sql injection

A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/updatemother.php. The manipulation of the argument agemother leads to sql injection. The attack may be...

Sql injection

A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be...

Sql injection

A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate...

Sql injection

A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to sql...

Sql injection

A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The...

Design/Logic Flaw

Chromium Embedded Framework CEF is a simple framework for embedding Chromium-based browsers in other applications.CefVideoConsumerOSR::OnFrameCaptured does not check pixelformat properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e...

Design/Logic Flaw

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

Cross site scripting

The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Sql injection

A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to...

Sql injection

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/editchicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

Sql injection

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usagedeworm leads to sql injection. The attack can be initiated...

Cross site scripting

A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclos...

Cross site scripting

QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting XSS vulnerability within the component qnme-ajax?method=treelevel...

Directory traversal

An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI from views.py, allows attackers to write to arbitrary files...

Command injection

An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command...

Cross site scripting

QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=treetable...

Improper access control

Incorrect access control in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server...

Remote code execution

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands...

Cross site scripting

An authenticated reflected cross-site scripting XSS vulnerability in QStar Archive Solutions Release RELEASE3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link...